Hi All,
I am just looking to better understand this stop and I am not getting enough information in the documents to help me join the dots.
Resident SSH Keys
I understand with resident SSH keys that all the information, including the identity file, is located on the OnlyKey, making it a self-contained package where I can access my SSH private key anywhere as long as I have the OnlyKey.
- Can someone please confirm that when I execute the `ssh-add -K` command, the identity file is loaded into the ssh agent, not the private key?
Non-Discoverable Credentials
Non-Discoverable Credentials are created using the keying material on the OnlyKey but the associated identity file is kept on disk.
`ssh-keygen -t ed25519-sk`
- What happens if I delete the identity file, can the identity file be regenerated or is the key now useless?
- Is the identity file an AES-encrypted file and not sensitive in and of itself?
- I assume that the inputs to the keying process are more than just the keying material on the OnlyKey, which therefore allows you to create an unlimited number of ssh keys? (e.g. a nonce value, which would therefore also prevent regenerating keys?)
**Derived SSH Keys**
From what I can tell, the onlykey-agent is required because it somehow enables the regeneration of a key as long as the input, e.g. `onlykey-agent sometext`, is identical to the key you are seeking to recover.
General Question
Just trying to understand what the onlykey-agent does above and beyond ssh-keygen for the key generation process only.
Thank you